CVEdetails.com the ultimate security vulnerability data source
Google : Security Vulnerabilities

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2022-33732 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.
2 CVE-2022-33731 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
3 CVE-2022-33730 787 Exec Code Overflow 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.
4 CVE-2022-33729 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Improper restriction of broadcasting Intent in ConfirmConnectActivity of NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.
5 CVE-2022-33728 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Global.
6 CVE-2022-33727 1021 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
7 CVE-2022-33726 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
8 CVE-2022-33725 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.
9 CVE-2022-33724 319 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.
10 CVE-2022-33723 1021 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
11 CVE-2022-33722 2022-08-05 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.
12 CVE-2022-33721 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.
13 CVE-2022-33720 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
14 CVE-2022-33719 190 Overflow 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.
15 CVE-2022-33718 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
16 CVE-2022-33717 125 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.
17 CVE-2022-33716 908 2022-08-05 2022-08-11
0.0
None ??? ??? ??? ??? ??? ???
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
18 CVE-2022-33715 22 Dir. Trav. 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.
19 CVE-2022-33714 2022-08-05 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.
20 CVE-2022-25831 287 2022-04-11 2022-04-18
1.9
None Local Medium Not required Partial None None
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
21 CVE-2022-20361 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In btif_dm_auth_cmpl_evt of btif_dm.cc, there is a possible vulnerability in Cross-Transport Key Derivation due to Weakness in Bluetooth Standard. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-231161832
22 CVE-2022-20360 276 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In setChecked of SecureNfcPreferenceController.java, there is a missing permission check. This could lead to local escalation of privilege from the guest user with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-228314987
23 CVE-2022-20358 276 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In startSync of AbstractThreadedSyncAdapter.java, there is a possible way to access protected content of content providers due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-203229608
24 CVE-2022-20357 909 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In writeToParcel of SurfaceControl.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-214999987
25 CVE-2022-20356 20 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In shouldAllowFgsWhileInUsePermissionLocked of ActiveServices.java, there is a possible way to start foreground service from background due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-215003903
26 CVE-2022-20355 20 DoS 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In get of PacProxyService.java, there is a possible system service crash due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-219498290
27 CVE-2022-20354 Exec Code 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In onDefaultNetworkChanged of Vpn.java, there is a possible way to disable VPN due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11 Android-12 Android-12L. Android ID: A-219546241
28 CVE-2022-20353 20 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In onSaveRingtone of DefaultRingtonePreference.java, there is a possible inappropriate file read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221041256
29 CVE-2022-20352 276 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In addProviderRequestListener of LocationManagerService.java, there is a possible way to learn which packages request location information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-222473855
30 CVE-2022-20350 20 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way to trick the victim to grant notification access to the wrong app due to improper input validation. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-228178437
31 CVE-2022-20349 276 Bypass 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In WifiScanningPreferenceController and BluetoothScanningPreferenceController, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-228315522
32 CVE-2022-20348 276 Bypass 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In updateState of LocationServicesWifiScanningPreferenceController.java, there is a possible admin restriction bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-228315529
33 CVE-2022-20347 Bypass 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to remote escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-228450811
34 CVE-2022-20346 125 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In updateAudioTrackInfoFromESDS_MPEG4Audio of MPEG4Extractor.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-230493653
35 CVE-2022-20345 787 Exec Code 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-12 Android-12L. Android ID: A-230494481
36 CVE-2022-20344 362 2022-08-10 2022-08-12
0.0
None ??? ??? ??? ??? ??? ???
In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-232541124
37 CVE-2022-20230 20 2022-07-13 2022-07-26
1.9
None Local Medium Not required Partial None None
In choosePrivateKeyAlias of KeyChain.java, there is a possible access to the user's certificate due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10 Android-11 Android-12 Android-12L. Android ID: A-221859869
38 CVE-2022-20217 863 2022-07-13 2022-07-20
0.0
None ??? ??? ??? ??? ??? ???
There is an unauthorized broadcast in the SprdContactsProvider. A third-party app could use this issue to delete Fdn contact. Product: Android. Versions: Android SoC. Android ID: A-232441378
39 CVE-2022-20196 Bypass 2022-06-15 2022-06-24
1.9
None Local Medium Not required Partial None None
In gallery3d and photos, there is a possible permission bypass due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-201535148
40 CVE-2022-20195 502 DoS 2022-06-15 2022-06-24
1.9
None Local Medium Not required None None Partial
In the keystore library, there is a possible prevention of access to system Settings due to unsafe deserialization. This could lead to local denial of service with User execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-12L. Android ID: A-213172664
41 CVE-2022-2481 416 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Views in Google Chrome prior to 103.0.5060.134 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via UI interaction.
42 CVE-2022-2480 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Service Worker API in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
43 CVE-2022-2478 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in PDF in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
44 CVE-2022-2477 416 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Use after free in Guest View in Google Chrome prior to 103.0.5060.134 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page.
45 CVE-2022-2415 787 Overflow 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in WebGL in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
46 CVE-2022-2399 416 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Use after free in WebGPU in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
47 CVE-2022-2295 843 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Type confusion in V8 in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
48 CVE-2022-2294 787 Overflow 2022-07-28 2022-08-04
0.0
None ??? ??? ??? ??? ??? ???
Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
49 CVE-2022-2165 2022-07-28 2022-08-02
0.0
None ??? ??? ??? ??? ??? ???
Insufficient data validation in URL formatting in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.
50 CVE-2022-2164 Bypass 2022-07-28 2022-08-03
0.0
None ??? ??? ??? ??? ??? ???
Inappropriate implementation in Extensions API in Google Chrome prior to 103.0.5060.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted HTML page.
Total number of vulnerabilities: 193 (page 1 of 4)